LimeWire in the Crosshairs of Anti-P2P Legislation

The House Energy & Commerce Committee is scheduled to mark up tomorrow a bill dubbed the Informed P2P User Act (H.R. 1319) that aims to prevent accidental file-sharing by mandating the display of clear warnings during the installation and usage of P2P software. Critics, however, fear that the final bill might end up going much further, regulating FTP clients, web browsers and even complete operating systems.

The bill could also have implications for anyone trying to leverage P2P for video distribution via solutions like the Octoshape Flash plug-in that was used by CNN.com to handle the Obama inauguration livestream traffic. The irony of the whole controversy is that much of the support for H.R. 1319 has been motivated by an almost religious disdain for just one file-sharing program in particular.

The Informed P2P User Act, which was introduced by Rep. Mary Bono Mack (R-CA) in March, is supposed to prevent so-called inadvertent file-sharing, which has in the past resulted in the leaking of Social Security numbers, tax returns and even classified government documents. Inadvertent file-sharing is usually caused by users accidentally sharing their documents folder or even their entire hard disk with everyone connected to the same P2P network. The bill would force makers of P2P software to inform users about its file-sharing capabilities and get their informed consent before installing the software in question. Users would also have to acknowledge that they know what they’re about to do before sharing any file. Sounds reasonable, doesn’t it?

It would be, except the bill defines P2P applications as anything that “designate(s) files available for transmission to another computer” as well as transmits and receives files. Of course, the same can be said for FTP clients — or your browser, for that matter. “There’s little in this definition that limits the scope to an actual p2p application,” wrote Alex Curtis from Public Knowledge, and Declan McCullagh from CNet agreed: “Every copy of Windows, GNU/Linux, and Mac OS X sold in recent memory includes a command-line FTP client fitting that definition.” And the current definition would also affect P2P streaming solutions and BitTorrent clients, even though there is virtually no risk that anyone would share his Social Security number through downloading a torrent or accessing a P2P video stream.

One of the most vocal supporters of the bill is the Progress and Freedom Foundation’s Thomas Snydor, who’s testified before Congress numerous times about the subject. At the center of all of his testimonies is one single file-sharing client: LimeWire. Snydor alleges that the application has been intentionally designed to “prey on the weak” by tricking people into unknowingly sharing files.

He has repeatedly singled out functions of LimeWire that could lead to accidental file-sharing, claiming in his most recent testimony (PDF) that he was able to simulate the accidental sharing of almost 17,000 sensitive files “just by installing LimeWire 5.2.8.” Snydor had to backtrack later and admit that this was only possible because he prepared the PC by installing a previous version of LimeWire, enabling document sharing (an option hidden in a sub-menu that’s labeled with a clear warning message and takes six clicks to activate) and then uninstalling the earlier version before once again installing the client. LimeWire chairman Mark Gorton called the result of these actions in an interview with ComputerWeek “a highly misleading picture of reality.”

Of course, one might be able to argue that LimeWire could be doing a better job to prevent even such highly unlikely cases of accidental file-sharing. But do we really need a new bill for that? Even Thomas Snydor has difficulties justifying one. As he said in his most recent testimony, “[E]xisting laws already provide the authority needed to send a blunt and powerful message that would deter distributors of piracy-adapted file-sharing programs from causing further inadvertent sharing.”

John, I agree, but even hypothetical issues like the one presented by Snydor could be avoided if the feature was made install-specific, meaning: Overwrite the setting with default settings during every new install and ask a user to manually re-enable document sharing if he wants to do so …

I’m a big fan of having relevant security authorizations expire over time. Fireeagle.com does this really well, asking users every month or so if they still want to share their location with the world. File sharing programs could do the same thing, and tying it to new installs might be the way to go.

While members did change much of the definition to narrow the scope, there are still significant problems with the bill. For the record, the specific BitTorrent kind of filesharing was carved out, as were many common applications like IM and email. However, developers of simple scripts and daemons that run in the background without user intervention could still be roped in. Also, the bill doesn’t address the problem of software that devs still distribute but do not maintain–will devs have to go back and update their wares?

“Of course, one might be able to argue that LimeWire could be doing a better job to prevent even such highly unlikely cases of accidental file-sharing.”
Is this a joke? LimeWire by default doesn’t allow sharing documents, period. The user must go into the configuration and explicitly enable the option allowing the sharing of such documents.

Not only does LimeWire version 5.0 and greater not contribute to accidental filesharing, the file sharing options available on those versions are miserable and won’t even allow one to select a folder as his “shared” folder. I deleted 5.0.2 and went back to the only available 4.18.8 version. In version 5.0 and greater LimeWire has ditched the possibility to chat with other users and has substituted actual web addresses of file locations and of the folks who download from you with cutesy made-up names to represent users, and that’s an insult to us all. The actual file addresses provide important information about users. I want to know who’s downloading from me. Long live LimeWire 4.0. boboberg@nyc.rr.com